A WISP is your strategy or game plan for keeping your client’s personal and financial information safe.
1 min read
Dave Nielsen lives in Salt Lake City. He holds a PhD from the University of Cincinnati and writes regularly about business and healthcare.
In accounting, WISP stands for Written Information Security Plan. A WISP is a document that accountants are required by law to create. A WISP is your strategy or game plan for keeping your client’s personal and financial information safe. If you get paid to do someone’s accounting, then yes! You’re going to need a WISP.
Creating a WISP is a helpful exercise since it makes you access what you and your firm is doing to protect your clients from hackers, financial marauders, or other potential security breaches. Then again, making a WISP is also now the law —which means knowing how a WISP works is mandatory.
Once upon a time, there was a law called the Gramm-Leach-Bliley Act. It said that financial institutions, which your beloved accounting firm is one of, are required to protect customer data.
The Federal Trade Commission (FTC) soon followed this law up with something called the Safeguards Rule.
The Safeguards Rule gives you the nitty-gritty. It says that to stay on good terms with the law, every financial institution in the United States of America needs to do the following, and I quote:
Your WISP is a written document, double-spaced and in font size 12, of all the ways your accounting firm is meeting these requirements.
Okay, okay, the Safeguards Rule doesn’t say anything about double-spaced or font size 12. That’s just a little humor. But it does say that you have to create the document and that it needs to be more or less coherent.
If you don’t want to create a WISP yourself, you can hire another person or company to do it for you. Then again,you can also go to the IRS website and download a document that walks you through the process.
The document is creatively entitled “Creating a Written Information Security Plan for your Tax & Accounting Practice.” As you can see, the person who did the final editing on the document didn’t quite understand the difference between Title Case and Sentence Case. The “your” should actually be capitalized.
What’s inside the document is what matters, and fortunately, it’s pretty helpful. For example, on page 5, you get a recommended table of contents for your WISP. It looks more or less like this:
1. Define the WISP Objectives, purpose, and scope
2. Identify responsible individuals
3. Assess Risks
4. Inventory Hardware
5. Document Safety Measures in place
6. Draft an Implementation clause
7. Attachments
Again, don’t think too hard about the IRS and FTC’s shocking lack of understanding when it comes to Title Case vs. Sentence Case. Focus instead on what the words are saying, and then follow the outline.
Later on, there’s even an example WISP that you can follow as a template for your own document.
Now that you’ve learned a little about WISPs, there’s only one question that remains: Is a WISP required for a PTIN? You bet your socks it is.
Anyone who gets paid to help someone with their accounting needs a WISP. In fact, the PTIN application has a checkbox for confirming that you have a WISP. When you get to that moment, try to remember George Washington accidentally chopping down his father’s cherry tree, and then mark the box as truth dictates you to do. (Hopefully, you just have a WISP ready to go so you don’t have to think too hard about it.)
That about wraps it up for this week’s episode on the historical, emotional, spiritual, and legal importance of WISPs.
Wanting more content about the accounting industry? Subscribe to our email newsletter.
Explore more of our recent Articles, User Stories, and Ebooks.
3 min read
Lauren Miller is a content writer for Canopy.
0 min read
Lauren Miller is a content writer for Canopy.
Canopy takes the headaches out of client management by offering a way to keep client info organized.
I love how easy it is to setup a new client in this software. Once set up, it's one click to get IRS transcripts downloaded for my review. This saves me at least an hour each week in comparison to the software I used to use.
This makes workflow for tax resolution manageable. This business is a bunch of hurry up and wait. This system helps to refresh my memory while transitioning to different clients.
The ability to securely share documents with clients as well as complete POAs from client contact data already in Canopy. The ability to route workflow between team members with color coded statuses allows us to work efficiently.
Cool features, outstanding customer service, constantly updating to make it better. I love that I can upload files easily to a secure client portal and we don't have to email files anymore. Absolutely can't imagine not having this software.
It's safe and secure. Clients are able to upload documents and the documents are saved their portal which as a result, keeps us better organized. The task feature keeps us organized and we know exactly the status of each client.
Submit this form, and we will be in touch soon to give you a custom demo.
Set a time for one of our product specialists to give you a guided tour practice.
Leave a comment!